Norv

Researcher from Simple Machines
#21636 of 53,624
11 Total CVSS
Vulnerabilities · 2
Low: 1
High: 1

PT-2011-2892 · CVSS 7.5 · 2011-06-21
Simple Machines · Simple Machines Forum · CVE-2011-1128

**Name of the Vulnerable Software and Affected Versions**

- Simple Machines Forum (SMF) versions prior to 1.1.13
- Simple Machines Forum (SMF) versions 2.x prior to 2.0 RC5

**Description**

The issue is related to the `loadUserSettings` function in Load.php, which does not properly handle invalid login attempts. This could make it easier for remote attackers to obtain access or cause a denial of service via a brute-force attack.

**Recommendations**

- For Simple Machines Forum (SMF) versions prior to 1.1.13, update to version 1.1.13 or later.
- For Simple Machines Forum (SMF) versions 2.x prior to 2.0 RC5, update to version 2.0 RC5 or later.

PT-2011-2893 · CVSS 3.5 · 2011-06-21
Simple Machines · Simple Machines Forum · CVE-2011-1129

**Name of the Vulnerable Software and Affected Versions**

- Simple Machines Forum (SMF) versions prior to 1.1.13
- Simple Machines Forum (SMF) versions 2.x prior to 2.0 RC5

**Description**

A cross-site scripting (XSS) issue exists in the EditNews function in ManageNews.php. This could allow remote authenticated users to inject arbitrary web script or HTML via a save items action.

**Recommendations**

- For versions prior to 1.1.13, update to version 1.1.13 or later.
- For versions 2.x prior to 2.0 RC5, update to version 2.0 RC5 or later.